You’ve probably noticed that something big is going on in the UK. It’s called “open banking” and although it hasn’t made much difference to the man at the Clapham ATM just yet, it will. In computer terms, it’s rather as if the banks are being obliged to install sockets in customer accounts that anyone can plug in to access those account (with the customers’ permission, of course). So, you can tell your bank to let (eg) Amazon access your bank account and there’s nothing they can do about it. In a recent speech Karina McTeague, director of retail banking supervision at the Financial Conduct Authority (FCA), said that while banks must be “aware of their legal obligations in respect of data protection and consumer protection”, they should allow their customers to make use of [third-party services] in relation to those payment accounts without penalty, including allowing their customers to share their credentials”
So, basically, it’s on. Third parties can have access to bank customer data and there’s nothing that banks do about it. Who will benefit from this? We have long advised our clients that the competition to incumbent financial services providers will not be fintechs. I wrote last year that the major beneficiaries of the regulators pressure to open up the banks will be the internet giantswho already have the customer relationships. Of course, when I say it, no listens. But when the woman at the top of Europe’s biggest retail bank weighs in, I suspect one or two people may sit up and pay attention.
Ana Botín, executive chairman of Santander, told the Financial Times that the EU’s Second Payments Services Directive “needs to be reviewed for the digital age. The theory is good but it needs to be fair — at the moment it’s not symmetrical.”
Her point is that by creating the asymmetry described above, regulators may well have created the conditions to replace an uncompetitive oligarchy (as they it) of banks with an uncontrollable oligarchy of internet giants. This is not, as my colleague Tim Richards wrote last month, a theoretical issue. He used the example of UK insurer Admiral, which created a scheme to allow people with limited credit histories access to insurance products using social media data. The idea was that if people were willing to grant Admiral access to this data they could perform a form of social identification and verification with an element of personality checking to identify people with traits conducive to good driving. It’s didn’t last. Facebook blocked Admiral from getting access to the data:
Is this, as Ms. Botin asks, really fair?
If it isn’t, what should be done about it?
Earlier this year, I had the honour of chairing Scott Galloway at the KnowID conference in Washington. Scott is the author of “The Four”, a book about the power of internet giants (specifically Google, Apple, Facebook and Amazon). In his speech, and his book, he sets out a convincing case for intervention. Just as the government had to step in with anti-trust acts of the early 20th century in recognition of the fascist nature of monopoly capitalism, so Scott argues that they will have to step in a century on and, again, not to subvert capitalism but to save it. His argument centres on the breaking up of the internet giants, but I wonder if the issue of APIs might provide an alternative and eminently practical way forward?
With Scott Galloway at KnowID
Ana suggested that organisations holding the accounts of more than (for example) 50,000 people ought to be subject to some regulation to give API access to the consumer data and it seems to me that this might kill two birds with one stone: it would make it easier for competitors to the internet giants to emerge and might lead to a creative rebalancing of the relationship between the financial sector and the internet sector.
This gives us the obvious regulatory response to the need to create a level playing field: let us put in place a set of reciprocal rights and responsibilities. Forum friend Simon Lelieveldt, who I always listen to on these matters, also suggests this as the way forward. He says that if the European Commission wants a “balanced” market with effective competition then it should “redress the design errors in the PSD-2 and allow banks to ask fees and allow them reciprocal access to the customer data”. I think this gives us a sensible outline manifesto for the next generation of PSD2/GDPR and such like: open, transparent and non-discriminatory pricing for API access to customer data (with the customer’s consent) irrespective of the nature of the organisation: bank, media, telecoms whatever.
Tim Richards and I will be running a workshop session on open banking and the strategies for incumbents, fintechs and competitors on Wednesday June 6th at Money 2020 in Amsterdam just a couple of weeks from now. Please do come along and join in the discussion and debate around this crucial topic. We look forward to seeing you there.
